ESET has denied accusations that its systems were compromised after information security researcher Kevin Beaumont described a wiper campaign that appeared to have been run through ESET infrastructure.
According to a blog post, Beaumont, an employee of an Israeli company, was targeted by a malicious program after opening a link in an email purportedly sent by the ESET Advanced Threat Defense team in Israel. The email passed DKIM and SPF checks for the ESET domain, yet Google Workspace still flagged it as dangerous.
The attack took place on October 8 and targeted information security specialists in Israel. The malicious file was distributed through ESET servers, and recipients were warned that they were being targeted by a state-sponsored "attacker." Victims were also invited to join a non-existent "ESET Unleashed" program, presented under the company's branding.
In the downloaded file, the researcher found several ESET DLL libraries and a malicious Setup.exe. Beaumont described the program as fake ransomware that mimics the behavior of the well-known Yanluowang malware. He also noted that files on affected devices cannot be recovered, because the program actually functions as a wiper.
During the incident, the attacker also contacted an organization associated with the Iron Swords War that is dedicated to the memory of the victims of the October 7, 2023 attack. These details point to the possible involvement of hacktivists.
ESET denied claims that its Israeli office had been compromised. The company clarified that the incident affected a partner organization in Israel and that the malicious campaign was blocked within 10 minutes. ESET assured that it effectively blocks the threat and that its customers are safe. The company also stated that it is working with the partner to investigate and is actively monitoring the situation.
The source of the malicious activity has not yet been identified, but the tactics used